From: Ludovic Courtès
To: Christopher Baines
Cc: 61363@debbugs.gnu.org
Subject: [bug#61363] [PATCH 2/2] self: Apply grafts to the outputs of the guix derivation.
Date: Wed, 22 Feb 2023 10:16:14 +0100
Message-ID: <87sfey9i1t.fsf@gnu.org>
In-Reply-To: <20230208075403.11788-2-mail@cbaines.net> (Christopher Baines's message of "Wed, 8 Feb 2023 08:54:03 +0100")
References: <20230208075403.11788-1-mail@cbaines.net> <20230208075403.11788-2-mail@cbaines.net>

Hi,

Christopher Baines wrote:

> Rather than having grafts apply to the derivation itself. This moves grafting
> here to work like grafting for packages, where you can think of the grafted
> outputs as a transformed variant of the ungrafted outputs.

Hmm.

> I'm looking at this as it'll allow the Guix Data Service to compute the
> derivations without grafts, and for these to be useful for substitutes
> regardless of whether users are using grafts.

How does it help exactly?  By disabling grafts in that context?

> +++ b/guix/self.scm
> @@ -752,7 +752,8 @@ (define* (compiled-guix source #:key > (gzip (specification->package "gzip")) > (bzip2 (specification->package "bzip2")) > (xz (specification->package "xz")) > - (guix (specification->package "guix"))) > + (guix (specification->package "guix")) > + (graft? #t)) > "Return a file-like object that contains a compiled Guix." > (define guile-avahi > (specification->package "guile-avahi")) > @@ -802,6 +803,12 @@ (define dependencies > guile-json guile-semver guile-ssh guile-sqlite3 > guile-lib guile-zlib guile-lzlib guile-zstd))) >=20=20 > + (define packages > + (cons* gzip > + bzip2 > + xz > + dependencies)) > + [...] > + (let ((obj (built-modules (lambda (node) > + (list (node-source node) > + (node-compiled node)))))) > + (if graft? > + (explicit-grafting obj packages) > + obj)))

There are two things I’m not comfortable with:

  1. Having in (guix packages); it looks misplaced.

  2. More importantly, manually listing packages that might require
     grafting looks like a slippery slope (“oops! we’re not getting the
     GnuTLS graft for that CVE, too bad”).

I designed and implemented several variants to try and delay grafting.
One of them consisted in carrying graft information in gexps:

  https://git.savannah.gnu.org/cgit/guix.git/log?h=wip-gexp-grafts

It’s kinda similar to what you’re proposing in that graft information is
carried as far as possible.  The main difference is that it’s automated.

Hmm needs more thought.

Ludo’.
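
Review bot: In the first hunk (`compiled-guix`, around line 752), the new `(graft? #t)` keyword is undocumented: the docstring right below it, "Return a file-like object that contains a compiled Guix.", is unchanged context. Suggest extending the docstring to say that when GRAFT? is true the built object is passed through `explicit-grafting`, and that passing #f returns it ungrafted, so callers know what the default implies.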
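
Review bot: In the second hunk (after `dependencies`, around line 803), `packages` is a fixed list of `gzip`, `bzip2`, `xz` and `dependencies`, and it leaves out the `guix` package bound in the same `#:key` list in the first hunk; anything not named here is never handed to `(explicit-grafting obj packages)`. Suggest computing the list from the inputs that `built-modules` actually references, or at least adding a comment stating why this set is complete and why `guix` is excluded.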